Fedora Looks At Tightening Its Crypto Policies Next Year
The latest change proposal for Fedora 37 this autumn notes, "Cryptographic policies will be tightened in Fedora 38-39, SHA-1 signatures will no longer be trusted by default. Fedora 37 specifically doesn't come with any change of defaults, and this Fedora Change is an advance warning filed for extra visibility. Test your setup with FUTURE today and file bugs so you won't get bit by Fedora 38-39...The flagship change this time will be distrusting SHA-1 signatures on the cryptographic library level, affecting more than just TLS. OpenSSL will start blocking signature creation and verification by default, with the fallout anticipated to be wide enough for us to roll out the change across multiple cycles with multiple forewarnings. In Fedora 36, 37 and 38 released distrusting SHA-1 signatures will be opt-in. In Fedora 38 rawhide and Fedora 39 distrusting SHA-1 signatures will happen by default."
The upcoming crypto policy changes most notably include distrusting SHA-1 signatures. Because SHA-1 signatures are still in use, the plan for Fedora 37 is to warn users and administrators when such signatures are encountered. The "future" policy will require SHA-256 or better hashes for signatures, HMAC with SHA-256 or better for MACs, at least 256-bit keys for ciphers, and other tightening in the name of ensuring more robust security.
More details on these planned security changes and the warnings that could appear in Fedora 37 can be found via the Fedora Wiki.